US-CERT Publishes Recommendations for Preventing Cyber Security Attacks

July 23, 2011
Cyber Security, FedCyber Wire

via Web Host Industry Review

The United States Computer Emergency Readiness Team (US-CERT) announced on Friday it has published a Technical Security Alert in response to the increasing number of high-profile incidents, which have impacted both government and private-sector computer networks.

The report comes just weeks after LulzSec ended its 50-day hacking spree, during which it launched attacks against the websites of many organizations, including PBS, Fox and the CIA.

The Technical Security Alert provides recommendations for preventing cyber attacks, starting with the deployment of a host intrusion detection system to help block and identify common attacks.

The TSA also suggests that organizations use an application proxy in front of web servers to filter out malicious requests, ensure that the “allow_url_fopen” setting is disabled on the web server to help limit PHP vulnerabilities from remote file inclusion attacks, and limit the use of dynamic SQL code by using prepared statements, queries with parameters, or stored procedures whenever possible.
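As an added illustration (not part of the US-CERT alert or the original article), the Python sketch below checks whether the text of a php.ini file leaves the “allow_url_fopen” setting enabled. The function name and sample configurations are constructed for this example, and it inspects a single file only, not per-directory or additional ini files.

```python
import re

# Directive names in php.ini are case sensitive, so match the exact lowercase name.
_DIRECTIVE = re.compile(r"^\s*allow_url_fopen\s*=\s*(.*?)\s*$")

# Keywords PHP's ini parser treats as "on" for boolean directives.
_TRUTHY = {"on", "true", "yes"}

# PHP ships with allow_url_fopen enabled, so a file that never sets it
# (or only has it commented out) leaves the feature on.
PHP_DEFAULT_ENABLED = True


def allow_url_fopen_enabled(ini_text: str) -> bool:
    """Return True if this php.ini text leaves allow_url_fopen enabled."""
    enabled = PHP_DEFAULT_ENABLED
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0]          # ';' starts a comment
        match = _DIRECTIVE.match(line)
        if not match:
            continue
        value = match.group(1).strip("\"'").lower()
        if value.isdigit():
            enabled = int(value) != 0        # numeric form: 0 is off
        else:
            enabled = value in _TRUTHY       # Off/False/No/None/empty are off
        # No break: a later occurrence in the file overrides an earlier one.
    return enabled


# Constructed sample configurations (not taken from any real server).
SAMPLE_HARDENED = "[PHP]\n; remote URL wrappers disabled\nallow_url_fopen = Off\n"
SAMPLE_COMMENTED = "[PHP]\n;allow_url_fopen = Off\n"
SAMPLE_OVERRIDDEN = "allow_url_fopen = Off\nallow_url_fopen = On ; re-enabled\n"
SAMPLE_WRONG_CASE = "allow_URL_fopen = Off\n"

if __name__ == "__main__":
    samples = {
        "hardened": SAMPLE_HARDENED,
        "commented out": SAMPLE_COMMENTED,
        "overridden later": SAMPLE_OVERRIDDEN,
        "wrong case": SAMPLE_WRONG_CASE,
    }
    for name, text in samples.items():
        state = "ENABLED (review)" if allow_url_fopen_enabled(text) else "disabled"
        print(f"{name}: allow_url_fopen {state}")
```

The commented-out, overridden and wrong-case samples all report the setting as enabled, which is the failure mode a quick search of the file for "allow_url_fopen = Off" would miss.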

Organizations should follow best practices for secure coding and input validation, as well as use secure coding guidelines.

Other recommendations include reviewing US-CERT documentation related to DDoS attacks, and disabling active scripting support in email attachments unless required to perform daily duties.

The alert also highlights specific measures for organizations to protect their passwords and accounts, including using a two-factor authentication method for accessing privileged root-level accounts, using a minimum password length of 15 characters for administrator accounts, and using alphanumeric passwords and symbols.

Additionally, organizations should implement guidance and policy to restrict the use of personal equipment for processing or accessing official data or systems, develop policies to carefully limit the use of all removable media devices, except where there is a documented valid business case for their use, and introduce guidance and policies to limit the use of social networking services at work.

The full Technical Security Alert document can be viewed on US-CERT’s website.
